Trustwave File Type Release Notes

Last Revision: September 27, 2021

The File Type module is used by Trustwave SEG and Trustwave ECM. Updates are made available for recent versions through the Automatic Updates service. Each product release includes the current update of FileType.


Note: File extensions are provided in this document for reference only. File Type recognizes files based on their structure and not by the file name or extension.

New Features

For more information about additional minor features and bug fixes, see the release history.

Features new in 8.1.5

Features new in 8.1.4

Features new in 8.1.3

Features new in 8.1.1

Features new in 8.0.1

Features new in 8.0.0

Features new in 7.14.1

Features new in 7.14.0

Features new in 7.13.3

Features new in 7.13.0

Release History

The following items have been changed or updated in the specific build versions of FileType listed.

8.1.6 (September 27, 2021)

FT-270 Some recent Egress Switch files were not correctly recognized. Fixed.

8.1.5 (July 7, 2021)

FT-137 PERL Encoded files (.ENC) are recognized.
FT-230 Solidworks CAD files (.SPDPRT, .SLDASM, .SLDDRW, .SLDDRT) are recognized.
FT-265 GNU Privacy Guard encrypted (.GPG) files are recognized.

8.1.4 (March 22, 2021)

FT-179 High Efficiency File Format (.HEIC/HEIF) files are recognized.

8.1.3 (October 6, 2020)

FT-144 Universal Disk Format (.UDF) files are recognized.
FT-161 Custom file type definitions were incorrectly duplicated and stored in configuration, causing issues in rare cases. Fixed.
FT-263 Flash objects contained in PDF documents are recognized.

8.1.2 (October 22, 2019)

FT-234 The XML file type could not be selected in user interfaces. Fixed: XML is added to the group "Other".
FT-236 RAR files between 20 and 100 bytes in size were not correctly detected. Fixed.

8.1.1 (January 24, 2019)

FT-127 XML files are recognized by type.
FT-134 Shapefile (SHP) and Shapefile Index (SHX) files are recognized.
FT-153 QuickBooks Company files (QBW) are recognized.
FT-160 VBScript files were recognized as JavaScript. Fixed: VBScript (VBS) is added as a separate type.
FT-181 MSI and CAB files are included in the Executable group as well as the Archive group.
FT-182 7zip files are not checked for encryption at the partial download stage.
FT-186 PEM encoded certificates have been moved from the "Encrypted" group to the "Other" group because the certificates are not encrypted content.
FT-192 OCSP response files are recognized.
FT-194 MSIX response files are recognized.
FT-210 Larger CRL files are recognized.
FT-220 Detection of Excel and PowerPoint documents with IRM has been updated for Azure RMS.
FT-222 Password protected Office documents with IRM are recognized.
FT-225 Zip64 files are recognized.
FT-231 Encrypted PowerPoint 2003 files are recognized.

8.1.0 (June 27, 2018)

This release is identical in functionality to release 8.0.3. It is provided for SEG 8.1.

8.0.3 (March 29, 2018)

FT-175 HTTP capture files could be incorrectly identified as MAIL. Fixed.
FT-176 Checking of 7Zip archives for password protection did not properly close all file handles. Fixed.

8.0.2 (March 6, 2018)

FT-173 Checking of 7Zip archives could time out for larger or more complex files. Fixed.

8.0.1 (January 30, 2018)

FT-11 Encrypted 7Zip archives are recognized separately from archives that cannot be opened for other reasons such as malformed or corrupt files.
FT-133 Python compiled files (.PYC) are recognized.
FT-135 Extended Media Descriptor files (.MDX, logged as "MDXMedia") are recognized.
FT-141 MATLAB version 4 and 5 files (.MAT) are recognized.
FT-146 WebM video format  (.WEBM) is recognized.
FT-147 WebP images  (.WEBP) are recognized.
FT-150 XZ compressed files are recognized.
FT-163 dBase Memo Field Files (.DBT) and Multiple Index Files (.MDX, logged as "MDXdBase") are recognized.

8.0.0 (July 18, 2017)

FT-75 PEM encoded certificates and RSA Keys (.PEM) are recognized.
FT-154 Microsoft Visio 2013 files (.VSDX) are recognized.
FT-156 Additional variants of Zip archives are recognized.
FT-157 A file containing a symbolic link to itself caused an error in file type processing. Fixed.
FT-158 Regular expression matching for vCard identification could cause the Engine to stop in rare cases. Fixed.

7.14.1 (March 28, 2017)

FT-98 Recognition of Encapsulated PostScript (EPS) files is improved.
FT-132 Apple Binary Property List files (.PLIST) are recognized.

7.14.0 (December 15, 2016)

FT-131 Apple iWork Archive files (.IWA) are recognized.
FT-142 RAR 5.0 archives are recognized as RAR type.
FT-143 vCard files (.VCF) are recognized, including new variants that use B64 encoded sections.
FT-148 Windows Script Files (.WSF) are recognized.
FT-149 QuickBooks Backup files (.QBB) are recognized.
FT-151 The eicar.com virus test string was typed as COM instead of TEXT. Fixed.

7.13.5 (April 5, 2016)

FT-140 Password protected Excel files might not be detected if the OLE stream name was not as expected. Fixed.
FT-139 Some Office 2003 documents were detected as type OLE instead of DOC, affecting unpacking and other detection. Fixed.

7.13.4 (March 3, 2016)

FT-138 Detection of Document Data/ActiveMime (MSO) content is improved.

7.13.3 (February 4, 2016)

FT-39 dBASE/Xbase files (.DBF) are recognized.
FT-82  Installshield Cabinet (.CAB) files are recognized.
FT-92  Independent Color Matching Profile (.ICM) files are recognized.
FT-93  Autocad Plotting Support (.CTB) files are recognized.
FT-94  Clarion TopSpeed (.TPS) files are recognized.
FT-108  Microsoft Access 2007 Database (.ACCDB) files are recognized.
FT-115  Event Log XML (.EVTX) files are recognized.
FT-122 Open Document Text Layout-cache (ODTCache, unpacked from ODT files) is recognized.
FT-136 Encore Music Notation (.ENC) files are recognized.
UNPACK-45 Binary objects unpacked from Microsoft CHM files are recognized as "CHM Binary Object".

7.13.2 (November 24, 2015)

FT-129 Password protected Excel workbooks (.XLS) were not correctly handled. Fixed.

7.13.1 (November 12, 2015)

FT-125 Certain DOCX files created by non MS Office applications were not recognized because they do not contain a docprops file.
FT-128 Password protected Excel files were not correctly handled. Fixed.

7.13.0 (November 4, 2015)

FT-76 Egress Switch files (SWITCH) are recognized.
FT-104 ActiveX Binary objects in Word and Excel documents (ActiveXObject) are recognized.
FT-112 StereoLithography files (STL) are recognized.
FT-113 PDF type checking is moved after other document types to reduce false positives.
FT-114 Some components were not correctly identified as mail components if they contained only header data and no body. Fixed.
FT-119 Redhat Package Manager files (RPM) are recognized.
FT-120 Debian package files (DEB) are recognized.
FT-121 Suspect PDF files are better recognized as "invalid PDF".

7.12.1 (May 3, 2015)

FT-111 Encrypted PDF files were incorrectly detected as BIN.

Changes prior to version 7.12 were mentioned in the Trustwave SEG or Trustwave ECM Release Notes.

Legal Notice

Copyright © 2021 Trustwave Holdings, Inc.

All rights reserved. This document is protected by copyright and any distribution, reproduction, copying, or decompilation is strictly prohibited without the prior written consent of Trustwave. No part of this document may be reproduced in any form or by any means without the prior written authorization of Trustwave. While every precaution has been taken in the preparation of this document, Trustwave assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice.

While the authors have used their best efforts in preparing this document, they make no representation or warranties with respect to the accuracy or completeness of the contents of this document and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Neither the author nor Trustwave shall be liable for any loss of profit or any commercial damages, including but not limited to direct, indirect, special, incidental, consequential, or other damages.

Trademarks

Trustwave and the Trustwave logo are trademarks of Trustwave. Such trademarks shall not be used, copied, or disseminated in any manner without the prior written permission of Trustwave.

About Trustwave®

Trustwave helps businesses fight cybercrime, protect data and reduce security risk. With cloud and managed security services, integrated technologies and a team of security experts, ethical hackers and researchers, Trustwave enables businesses to transform the way they manage their information security and compliance programs. More than three million businesses are enrolled in the Trustwave Fusion® cloud platform, through which Trustwave delivers automated, efficient and cost-effective threat, vulnerability and compliance management. Trustwave is headquartered in Chicago, with customers in 96 countries. For more information about Trustwave, visit https://www.trustwave.com.